[Debian-ha-maintainers] Bug#974563: corosync unable to communicate with pacemaker 1.1.16-1+deb9u1 which contains the fix for CVE-2020-25654

[Markus Koschany]

Control: severity -1 normal

Am Montag, den 16.11.2020, 09:22 -0300 schrieb Alejandro Taboada:
> Hi Markus,
> 
> Sorry for the delay. With this patch works when is applied only to 1 node.
> The services restart and the arm resources are up.
> The problem appears again when I install the patch on a 2nd node. The the
> resources stopped again.

Hello Alejandro,

thanks for your feedback. At the moment I cannot reproduce the problem hence I
have reverted the patch and uploaded a new revision, 1.1.16-1+deb9u2, of
pacemaker to stretch-security which restores the old behavior. The regression
tests shipped with pacemaker also don't report anything unusual. I will keep
this bug report open for discussions and work on another update. This time I
intend to upgrade pacemaker to the latest upstream release in the 1.1.x branch
which is currently 1.1.24~rc1. This one also includes fixes for CVE-2018-16878
and CVE-2018-16877. I expect no big changes in terms of existing features but I
will send new packages for testing before I upload a new upstream release. 

Regards,

Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/debian-ha-maintainers/attachments/20201117/a763578b/attachment.sig>